Virtual networks have emerged as a promising solution for enabling diverse users to efficiently share bandwidth resources over optical network infrastructures. Despite the invention of various schemes aimed at ensuring secure isolation among virtual networks, the security of data transfer in virtual networks remains a challenging problem. To address this challenge, the concept of evolving traditional optical networks into key programmable optical networks (KPONs) has been proposed. Inspired by this, this paper delves into the establishment of secure virtual networks over KPONs, in which the informationtheoretically secure keys can be supplied for ensuring the information-theoretic security of data transfer within virtual networks. A layered architecture for secure virtual network provisioning over KPONs is proposed, which leverages software-defined networking to realize the programmable control of optical-layer resources. With this architecture, a heuristic algorithm, i.e., the key adaptation-based secure virtual network provisioning (KA-SVNP) algorithm, is designed to dynamically allocate key resources based on the adaption between the key supply and key demand. To evaluate the proposed solutions, an emulation testbed is established, achieving millisecond latencies for secure virtual network establishment and deletion. Moreover, numerical simulations indicate that the designed KA-SVNP algorithm performs superior to the benchmark algorithm in terms of the success probability of secure virtual network requests.
Loading....